Add a network policy that governs how your pods communicate with each other.

Prerequisites

Log in to the Tanzu Mission Control console, go to the Policies page and view the network policies for the object, as described in View the Policy Assignments for an Object.

Make sure you have the appropriate permissions.
  • To create a network policy for an object, you must be associated with the .admin role for that object.

Procedure

  1. On the Policies page, click the Network tab.
  2. Use the tree control to navigate to and select the object for which you want to create a network policy.
  3. Click Create Network Policy.
  4. Select the network policy recipe to use.
  5. Provide a policy name.
  6. If you select a pod-specific recipe, you must specify the labels to identify the pods to which the policy applies.
    1. Under Labels, enter the key and value on which to filter pods.
    2. Click Add Label.
    You can optionally repeat this step to add multiple labels. Each label that you add increases the potential group of pods that are impacted by the policy. The policy impacts the pods that have any of the labels that you include.
  7. If you select the custom-egress or custom-ingress recipe, you can add a rule to define criteria to restrict network traffic. For more information, see Rules in Network Policies.
  8. You can optionally provide label selectors to specify particular namespaces that you want to include or exclude for this policy.
    Note: The label selector for network policies in Tanzu Mission Control matches only the labels that you have applied to resources through Tanzu Mission Control. Labels that are created outside of Tanzu Mission Control are not evaluated.
    For more information about how label selectors work, see Policy-Driven Cluster Management in VMware Tanzu Mission Control Concepts.
  9. Click Create Policy.

Results

When you click Create Policy, the new network policy is applied to the object and is displayed on the Policies page.
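
Step 6 states that a policy impacts pods that have any of the labels you add, so each extra label widens the scope. The following added example (not VMware code and not output from Tanzu Mission Control) previews that any-of matching over a constructed pod inventory and contrasts it with the all-of matching of a Kubernetes matchLabels selector. The pod names, labels, and function names are assumptions made for illustration.

```python
"""Preview which pods a pod-specific network policy would select."""

# Constructed pod inventory (name -> labels); not taken from a real cluster.
PODS = {
    "web-1": {"app": "web", "tier": "frontend"},
    "web-2": {"app": "web", "tier": "frontend", "env": "canary"},
    "api-1": {"app": "api", "tier": "backend"},
    "db-1": {"app": "db", "tier": "backend"},
    "batch-1": {"app": "batch"},
}


def match_any(pods, selector):
    """Pods carrying at least one key/value pair (the behaviour step 6 describes)."""
    return sorted(
        name for name, labels in pods.items()
        if any(labels.get(key) == value for key, value in selector)
    )


def match_all(pods, selector):
    """Pods carrying every pair (how a Kubernetes matchLabels selector behaves)."""
    return sorted(
        name for name, labels in pods.items()
        if all(labels.get(key) == value for key, value in selector)
    )


def scope_growth(pods, selector):
    """Impacted pods after each label is added in order, under any-of matching."""
    return [
        (pair, match_any(pods, selector[: index + 1]))
        for index, pair in enumerate(selector)
    ]


if __name__ == "__main__":
    # Hypothetical labels entered under Labels in step 6, in the order added.
    entered = [("app", "web"), ("tier", "backend")]
    for pair, impacted in scope_growth(PODS, entered):
        print(f"after adding {pair[0]}={pair[1]}: {impacted}")
    print("all-of matching would select:", match_all(PODS, entered))
```

Review the any-of result against the pods you intend to restrict before adding a second label. A reader used to matchLabels would expect the set to shrink, not grow.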